X509 extensions are dynamic, extended properties that can be added to an X509 certificate and changed. The X509Extension class can be used to create extensions that are associated with a certificate but are not part of a certificate as issued by a certification authority (CA).

In its most basic form, an X509 extension has an object identifier (OID), a Boolean value describing whether the extension is considered critical or not, and ASN-encoded data. Custom extensions can be registered in a
CryptoConfig file.

The.NET Framework includes implementations of several common X509 extensions: